Hi,

To confirm, all daemons (pmacctd included) read a given file once. From
what I read, you really want to do live collection off of an interface.

Paolo

On Sat, Aug 11, 2018 at 12:34:41AM +0530, RAJESH KUMAR S.R wrote:
> Looked at the CONFIG-KEYS doc and there were options for pcap files. So, I
> tried with
> "
> pcap_savefile: temp.pcap
> savefile_wait: true
> "
> 
> But the pmacctd is reading only once, even though the file is updated with
> new packets, I'm not able to see new data on pmacct side.
> 
> 
> 
> 
> On Sat, Aug 11, 2018 at 12:15 AM, RAJESH KUMAR S.R <rajuuu1...@gmail.com>
> wrote:
> 
> > Hi,
> >
> > I'm new to pmacct.
> > I need few clarifications regarding this tool
> >
> > I have a doubt regarding using a pcap file as input to pmacct
> > I'm trying to give a pcap file as input that gets updated continuously.
> >
> > "sudo pmacctd -D -P print -r 30 -I temp.pcap  -c etype,src_host,dst_host"
> >
> >
> > The pmacctd tool exits after displaying a list of flows.
> > $   sudo pmacctd -P print -r 30 -I temp.pcap  -c etype,src_host,dst_host
> > .......
> > 800    172.24.1.186
> > 224.0.0.251                                    1                     69
> > INFO ( default_print/print ): *** Purging cache - END (PID: 12988, QN:
> > 272/272, ET: 0) ***
> > INFO ( default/core ): OK, Exiting ...
> >
> > But, the file is updated continuously. Is there any configuration to read
> > from the file continuously?
> > Also, is it possible to provide pcap input in .conf file? I used
> > "pcap_interface: file_path", but it is not working.
> >
> >
> > Another doubt is regarding Netflow export,
> > I used pmacctd with following configuration
> >
> > "
> >    daemonize:false
> >    pcap_interface:eth0
> >    aggregate: src_host, dst_host, src_port, dst_port, proto, tos, class
> >    plugins: nfprobe, print
> >    nfprobe_receiver: 127.0.0.1:2100
> >    nfprobe_version: 9
> > "
> > and nfacctd with this configuration.
> > "
> >   daemonize: false
> >    nfacctd_ip: 127.0.0.1
> >    nfacctd_port: 2100
> >    plugins: memory[display], print
> >    aggregate: src_host, dst_host, src_port, dst_port, proto, tos
> > "
> >
> > nfacctd is displaying the data but most of the time exact match is not
> > there between the printed data I'm seeing in pmacctd and nfacctd.
> > Also, the nfacctd doesn't start collecting immediately, it takes some time
> > for getting printed output in nfacctd side whereas pmacctd continuously
> > prints aggregated data.
> >
> > I'm not sure where I'm going wrong.
> >
> >

> _______________________________________________
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists

